ProFTPD Developer's Guide: Configuration Expressions

ProFTPD Version 1.2

Table of Contents

Configuration Expressions
There are many configuration directives that can take as parameter a list of names, be they user, group, or class names. These lists are then evaluated as Boolean AND or OR expressions. Note that such name lists are very different from regular expressions, which are used for pattern matching.

An AND expression is simply one in which all of the elements in the list must evaluate to TRUE for the entire expression to be TRUE. Such an expression is usually useful when used on group names, for a user may be a member of multiple groups. For example, given a group expression like: 

  group1,group2
if evaluated as an AND expression, it will evaluate to TRUE if the current user is both a member of group1 and group2. Another example is: 
  group1,!group2
which, when evaluated as an AND expression, will be TRUE if the current user is a member of group1 and not a member of group2.

OR expressions are simpler, for only one element in the list needs to evaluate to TRUE for the entire expression to be TRUE. These expressions are usually useful for user and class names. For example: 

  user1,user2
when evaluated as an OR expression, will be TRUE if the current user is either user1 or user2. However, using the ! negation notation in an OR expression can easily catch the administrator offguard: 
  user2,!user3
As an OR expression, this would evaluate to TRUE for user1, for user1 != user3 is TRUE. All of this is valid for class names.

There are times when the developer may want to use user or class names in AND expressions, e.g.: 

  !user2,!user3
would evaluate to TRUE, as an AND expression, for any user other than user2 and user3.

The ProFTPD API functions for performing the evaluation of a given expression are: 

  pr_class_and_expression()
  pr_class_or_expression()
  pr_group_and_expression()
  pr_group_or_expression()
  pr_user_and_expression()
  pr_user_or_expression()
Note that for class expressions to be functional, the tagging of a client session with a class must be enabled via the ClassEngine configuration directive. Also, the above expressions all use the pertinent session_t members for comparisons (i.e. session.class, session.groups, session.user), and these members only became valid for use after the client has connected and authenticated.

Table of Contents


Author: $Author: castaglia $
Last Updated: $Date: 2003/03/09 00:07:33 $

© Copyright 2000-2003 TJ Saunders
All Rights Reserved